/// <summary>
/// Maps the authenticated <paramref name="existedUser"/> and the token just issued for it
/// onto the DTO handed back to the client after sign-in.
/// </summary>
/// <param name="existedUser">The user record that was authenticated.</param>
/// <param name="token">The access token issued for this session.</param>
/// <param name="privileges">Not consumed by this method; the DTO carries no privilege list.</param>
/// <returns>A populated <see cref="LoginResultDTO"/>.</returns>
private LoginResultDTO buildUserInfoToClient(User existedUser, string token, IList<User> privileges)
{
    // Both UserName and DisplayName are taken from the same Name column.
    var result = new LoginResultDTO
    {
        ID = existedUser.ID,
        AccessToken = token,
        TokenCreationDate = existedUser.TokenCreationDate,
        UserName = existedUser.Name,
        CompanyID = existedUser.CompanyID,
        DisplayName = existedUser.Name,
        MustChangePassword = existedUser.MustChangePassword,
        LastLogonDate = existedUser.LastLogonDate,
        LogonCount = existedUser.LogonCount,
        defaultPageSize = existedUser.DefaultPageSize
    };
    return result;
}
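/// <summary>
/// Authenticates a user by company code, user name and password and, on success, issues a
/// JWT access token and returns the sign-in result.
/// </summary>
/// <param name="user">Credentials posted by the client.</param>
/// <returns>
/// 200 with a <see cref="LoginResultDTO"/> on success; 400 with a message when the input is
/// incomplete, the company or credentials do not match, the account is disabled, or no token
/// could be produced.
/// </returns>
public IHttpActionResult SignIn([FromBody] UserSigninDTO user)
{
    if (user == null)
    {
        return BadRequest("Invalid Data");
    }
    if (string.IsNullOrEmpty(user.CompanyCode))
    {
        return BadRequest("公司代号不能为空!");
    }
    if (string.IsNullOrEmpty(user.UserName))
    {
        return BadRequest("用户名不能为空!");
    }
    if (string.IsNullOrEmpty(user.Password))
    {
        return BadRequest("密码不能为空!");
    }

    // NOTE(review): db is never disposed here — confirm whether IInfobasisDataSource owns a
    // connection that needs releasing.
    IInfobasisDataSource db = InfobasisDataSource.Create();
    // Parameterized lookup: the client-supplied company code never reaches the SQL text.
    int? companyID = db.ExecuteScalar("SELECT ID FROM SYtbCompany WHERE CompanyCode = @CompanyCode", user.CompanyCode) as int?;
    if (companyID == null)
    {
        // Unknown company code (or a scalar that is not an int). Without this guard the user
        // query below would run with a null CompanyID filter instead of failing. The message
        // is the same as for a bad password so the response does not reveal which part of
        // the credentials was wrong.
        return BadRequest("用户或密码错误,请重新输入!");
    }

    var existedUser = _repository.Get(includeProperties: "Company")
        .Where(u => u.Name == user.UserName && u.CompanyID == companyID)
        .FirstOrDefault();
    if (existedUser == null)
    {
        return BadRequest("用户或密码错误,请重新输入!");
    }

    // existedUser.Password holds the stored hash; the comparison itself is delegated to PasswordUtil.
    if (!PasswordUtil.ComparePasswords(existedUser.Password, user.Password))
    {
        // Failed attempt: updateUserInfo gets no token and a false success flag.
        updateUserInfo(existedUser, null, false);
        return BadRequest("用户或密码错误,请重新输入!");
    }
    if (!existedUser.Enabled)
    {
        updateUserInfo(existedUser, null, false);
        return BadRequest("该用户帐号已经被停用,请与系统管理员联系!");
    }

    // Claims embedded in the token. NOTE(review): there is no expiry ("exp") claim, so token
    // lifetime has to be enforced by whatever validates TokenCreationDate — confirm.
    var payload = new Dictionary<string, object>
    {
        { "id", existedUser.ID },
        { "companyID", existedUser.CompanyID },
        { "userName", existedUser.Name }
    };
    var secretKey = WebApiApplication.SECRETKEY;
    string token = JWT.JsonWebToken.Encode(payload, secretKey, JWT.JwtHashAlgorithm.HS256);
    if (token == null)
    {
        return BadRequest("Token获取失败, 请与系统管理员联系!");
    }

    // Successful attempt: updateUserInfo receives the issued token and a true success flag.
    updateUserInfo(existedUser, token, true);

    // Privilege lookup is currently disabled, so the DTO builder receives null. The disabled call was:
    //   var currentUser = new SqlParameter { ParameterName = "UserID", Value = existedUser.ID };
    //   var levelParam = new SqlParameter { ParameterName = "Level", Value = 1 };
    //   var privileges = _repository.ExecuteStoredProcedureList<UserPermissionRolePrivilege>(
    //       "EXEC usp_EasyHR_GetPermissionRolePrivilegeByUser", currentUser, levelParam);
    LoginResultDTO loginResult = buildUserInfoToClient(existedUser, token, null);
    return Ok<LoginResultDTO>(loginResult);
}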